Device Location API

Q: What location accuracy does the API offer?

The API provides accuracy based on the mobile network (Cell ID), not GPS. This is generally sufficient for proximity verification with security radii of 2 km or more, effective for identifying the device's city or neighborhood.

Q: Do I need explicit customer approval to obtain their location?

Yes. Use of the Device Location API must comply with strict privacy regulations like GDPR and CCPA. Institutions must obtain explicit, traceable consent from the user for security and anti-fraud purposes.

Q: What is the verification radius and how do I define it?

The verification radius is a proximity tolerance parameter (in meters or kilometers) defined in your query. For example, you might use 2 km for ATMs or 500 meters for retail stores based on your risk policy.

Q: Does the API work if the device is on Wi-Fi?

Yes. As long as the device is registered on the mobile network, the API can query the cell ID from the operator, regardless of whether the user is browsing via Wi-Fi or mobile data.

Q: Is the API useful for preventing fraud in pure online transactions?

Absolutely. It can verify if the mobile device location matches the provided shipping or billing address, and detect if a transaction is originating from high-risk or sensitive locations like prisons.

In the world of digital transactions, knowing where a customer can be just as important as knowing who they are. Plusmo's Device Location API is an advanced security tool that provides the location of a mobile device in real time, with critical precision for fraud prevention and logistics optimization.
‍
Our API allows you to execute specific queries about the device's proximity to a determined geographic point, making it an impenetrable defense against identity theft in physical and digital transactions.

More information

Real-Time Geo-Verification: Proximity Fraud Detection and Control

Payment fraud and identity theft are often based on location discrepancy: the physical location where a payment is made (POS or ATM) does not match the location of the legitimate cardholder's mobile device.

Plusmo's Device Location API solves this problem by allowing you to ask the most important question at the moment of the transaction: Is the customer's mobile device actually near where the card or account is being used?

Fraud Scenario and the Plusmo Solution

Suspicious Payment

A scammer makes a withdrawal at an Automated Teller Machine (ATM) or a Point-of-Sale (POS) payment using a cloned card or stolen data.

Risk Detection:

The bank's system detects an unusual or high-risk location or payment pattern.

Location API Activation

The bank immediately performs a proximity verification through the Plusmo API.

More information

Types of Location Queries

Our API is designed to execute two fundamental types of queries that provide unmatched location intelligence:

Verification Query (Proximity): This query is the most used for fraud prevention in transactions.

-Key Question: "Is the mobile device with MSISDN $+5491145388773$ within a 2 km radius of latitude $45.76944$ and longitude $4.925833$?"

-Utility: Verifies if the customer is physically present at the location of the ATM, POS, or online store, thereby validating the operation's legitimacy.
Retrieval Query (Absolute Location): This query is vital for legal compliance, security, and risk management.

-Key Response: Provides the latitude, longitude, accuracy radius, and timestamp of the device's last known location.

-Utility: Allows verification of transactions or accesses made from sensitive or restricted locations (e.g., detecting transactions originating inside or near a prison).

The Geo-Verification-Based Decision Process

The API process is fast, accurate, and decisive:

Parameter Submission: The institution sends the query (MSISDN + Transaction Coordinates + Verification Radius).
Mobile Operator Query: The API connects with the mobile operator's infrastructure to obtain the most recent location of the associated device.
Binary Response: The operator sends a Yes (match) or No (no match) response, confirming whether the device is within the requested radius.
Fraud Rejection: The bank or institution reviews the response. If the response is No (the customer is not at the payment location), the operation is immediately rejected, frustrating the fraud.

Critical Applications of the Location API

The accuracy of our API makes it indispensable in sectors where physical location is a risk or service factor.

Financial Services and Fintech:

-ATM Security: Reduces cloned card fraud by verifying that the cardholder is near the ATM at the moment of withdrawal.

-High-Value In-App Payments: If a payment exceeds a limit, verify the mobile device's proximity to the shipping address or the physical location of the purchase
Logistics and Fleet Management:

-Fleet Management: Track the location of mobile devices (e.g., driver phones or installed devices) within a time range to confirm compliance with routes and schedules.

-Delivery Verification: Confirm that the delivery person or service technician was at the customer's location at the reported time.
Emergency and Navigation Services:

-Emergency Response Systems: Provide the fast and accurate location of the mobile device for security or medical assistance services (subject to local regulations and agreements).

-Security Geofencing: Use the retrieval query to verify if a device has exited or entered predefined geographical areas.
Onboarding and Compliance:

-Regulatory Compliance (AML/KYC): Confirm that the location reported by a new customer during digital onboarding matches the location of their device at that moment, reducing the risk of synthetic or stolen identities.

Strategic Benefits of Integration with Plusmo

Maximum Anti-Fraud Accuracy: Proximity verification is almost impossible to spoof, offering a superior defense against card fraud and identity theft.

Compliance and Governance: Obtain the necessary location data to comply with geographical transaction regulations and internal risk policies.

Optimized Operations: Improve the efficiency of fleet management and dispatch systems by having reliable network location data.

Seamless User Experience: Proximity verification occurs without the customer having to do anything, maintaining security without adding cumbersome steps to the transaction.

Preguntas Frecuentes

What location accuracy does the API offer?

The API provides location accuracy based on the mobile network. This is not GPS, but location at the cell ID level. The accuracy is generally sufficient for proximity verification, allowing you to define security radii of 2 km or more, which are effective for detecting if the device is in the same city or neighborhood as the point of sale.

Do I need explicit customer approval to obtain their location?

Yes. The use of the Device Location API is subject to strict privacy regulations and must comply with end-user consent requirements in each jurisdiction (GDPR, CCPA, etc.). It is fundamental that the institution obtains explicit and traceable customer consent for the use of their location data for security and anti-fraud purposes.

What is the verification radius and how do I define it?

The verification radius is the parameter (in kilometers or meters) that you define in the query to establish the proximity tolerance. For example, a bank could use a 2 km radius for an ATM in a city, or a 500-meter radius for a retail store, based on its risk policy and desired accuracy.

Does the API work if the device is on Wi-Fi?

Yes, as long as the device maintains an active connection to the operator's mobile network (which is what enables cell ID-level tracking). The API queries the operator's network, regardless of whether the end-user's internet connection is via mobile data or Wi-Fi.

Is the API useful for preventing fraud in pure online transactions (without a physical POS)?

Absolutely. In a pure online transaction, you can use the retrieval query to verify if the location of the customer's mobile device matches the billing or shipping address they have provided. If the device is located in a sensitive location (such as a prison) or a high-risk country, the transaction can be flagged for review or rejected.